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REMARKS 

This Amendment is responsive to the Office Action mailed on January 30, 2004. 

The specification is objected as it contains a hyperlink and a typographical error. The 
specification is amended herein to delete the hyperlink as required by the Examiner and to correct 
the typographical error. 

Claims 1-3, 7, 9, 1 1, 14, 15, and 17 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over an article by Thrift entitled "Jave Enabled Television", in view of Gong (US 
6,047,377) and Anand (US 6,044,466). 

Claims 1-6, 8, 10, 12, 13, 16, and 17 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Ellis (US 6,665,869) in view of McRae (US 6,1 15,079). 

Claims 1 and 17 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Thrift in view of Gong and Ahmad (US 5,925,127). 

Applicants respectfully traverse these rejections in view of the comments which follow. 

Response to Rejections Based on Thrift in View of Gong and Anand 

Claims 1-3, 7, 9, 11, 14, 15, and 17 stand rejected as being unpatentable over an article by 
Thrift, in view of Gong and Anand. 

Thrift describes the use of Java applets in a television environment. However, as 
acknowledged by the Examiner, Thrift does not address any security issues associated with the 
use or downloading of such applets. 

The Examiner relies on Gong as disclosing "a method and apparatus for establishing and 
maintaining security rules in conjunction such as that utilized by received and executed 'software 
applications' such as those associated with the JAVA ™ programming language in order to 
control television 'receiver functions'" (Office Action, page 3). Gong does disclose a Java 
security architecture which uses permissions to manage and control code executed by a computer 
system. Applicant respectfiilly submit that the present invention is an extension of the Java 
security architecture disclosed in Gong. Applicant has referred to an article by Gong entitled 
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"Java Security Architecture" referenced on page 4, lines 1 1-13 of Applicant's specification, 
which essentially summarizes the disclosure of the Gong patent. Applicant's disclosure at pages 
4-6 discusses how the present invention extends the security architecture provided by Gong. 

Gong does not disclose or remotely suggest using conditions corresponding to the current 
state of the receiver in connection with permissions for controlling an application's access to a 
function of the receiver, as claimed by Applicant. With Applicant's claimed invention, it is 
determined whether an associated security policy of a software application contains a permission 
for the software application to access the receiver function. In addition, data defining a condition 
of the receiver under which access to the receiver function by the software application is 
permitted is provided. If the security policy of the software application contains the permission, 
then it will be determined whether the condition of the receiver is met by data indicative of the 
current state of the receiver . In Applicant's system, both the permission must be present and the 
current state of the receiver must satisf / the condition before the software application can access 
the receiver function . Therefore, Applicant's security system is dynamic, in that it is dependent 
on the current state of the receiver, which can change frequently. In contrast to Applicant's 
invention, Gong merely provides static permissions for accessing functions of a receiver, and 
does not disclose the use of additional conditions in connection with the permissions. 

The Examiner has cited to Col. 16, lines 47-55 of Gong as disclosing the use of 
conditions as claimed by Applicant (Office Action, page 4). The cited passage of Gong mentions 
that a bank account permission may have an action, an account, and a maximum amount 
attribute. The action, account, and maximum amount are part of the permission or instructions 
(Col. 16, lines 9-22), and are not a condition of the receiver as claimed by Applicant. As set 
forth, for example, in Applicant's claims 1-6, the condition claimed by Applicant may be: a 
conditional access state of the receiver, such as a blackout state, a pay-per-view state, or an 
authorization state; a user state, which may be defined by a user preference, a user password, or a 
user identifier; time, date, or day, or the like. 

Gong does not disclose a dynamic security system as is provided by the present invention. 
For example, an ABC application may come with a policy that it can be run at the set-top box 
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only if it is authorized for the ABC services (e.g., ABC television channel). This is a static 
security policy. The box is either authorized or it is not. It is very easy to determine the 
authorization state of the box when evaluating this permission and it will always come back with 
the same answer. If an additional condition is added, such that the box must also be tuned to the 
ABC channel while running the ABC application (e.g., to make sure that the box is not running 
the CNN stock ticker application while tuned to BBC news), the evaluation of the permission to 
run the ABC application will come back with different answers depending on what channel the 
box is tuned to. In other words, the security of the present invention is dynamic in the sense that 
it is dependent on the current state of the receiver, which can change. 

The Examiner has acknowledged that Gong does not disclose conditions which are 
related to a current state of the receiver (Office Action, page 4). The Examiner relies on Anand as 
disclosing the use of conditions relating to a current state of the receiver as claimed by Applicant 
(Office Action, page 4). Although Anand uses the term "dynamic derivation" of permissions 
(Col. 3, lines 23-27), this term is used in the context of delegating permissions from one user to 
another (Col. 3, lines 20-34), rather than in the context of permitting a software application to 
access a receiver fiinction as claimed by Applicant. In other words, the conditions discussed in 
Anand must be satisfied in order to delegate permissions from one user to another . In Anand, 
once a permission is received, the receiver function may be accessed. Contrary to the present 
invention, in Anand there is no further check of a condition being met by a current state of the 
receiver after the permission is received, before the receiver function may be accessed, as 
claimed by Applicant. Anand therefore discloses a static security policy which is not related to 
the current state of the receiver. 

Applicants respectfully submit that the present invention would not have been obvious to 
one skilled in the art in view of the combination of Thrift, Gong, and Anand, as none of the cited 
references discloses or remotely suggests the features of Applicant's claims 1 and 17. In 
particular, the combination of Thrift, Gong, and Anand does not disclose or remotely suggest 
providing data defining a condition of the receiver under which access to the receiver fiinction by 
the software application is permitted, determining if an associated security policy of the software 
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a pplication contains a permission for the software application to access the receiver function, and if 
the permission is present, determining whether a condition of the receiver is met by data indicative 
of a current state of the receiver , as claimed by Applicant. 

Applicant respectfully submits that the present invention would not have been obvious to 
one skilled in the art in view of the combination of Thrift, Gong, and Anand, or any of the other 
references of record. 

Discussion of Rejection in View of Ellis and Macrae 

Claims 1-6, 8, 10, 12, 13, 16, and 17 stand rejected as being unpatentable over Ellis in 
view of McRae. 

Ellis discloses a program guide system which supports an interactive program guide and 
multiple non-guide applications, such as an Internet browser application, video-on-demand, 
electronic shopping, banking, and wagering, and the like (Col. 2, lines 1-15). The program guide 
application allows parents to lock programs using parental control resource 68a (Col. 6, lines 20- 



Ellis does not disclose the use of any type of security policies controlling how 
applications are run at the terminal or how applications are allowed to access resources or 
fiinctions of the terminal based on those security policies and related conditions of the terminaU 
as claimed by Applicant. Ellis does not disclose or remotely suggest the use of both permissions 
and conditions as claimed by Applicant. In particular, the EPG application with parental control 
of Ellis relied on by the Examiner does not have an associated security poUcy which contains a 
permission for the software application to access the receiver , as claimed by Applicant. 

Further, the Examiner has also acknowledged that Ellis does not disclose Applicant's step 
of "determining whether said condition of the receiver is met by data indicative of a current state 
of the receiver" (Office Action, page 6). The Examiner relies on MacRae as disclosing this 
subject matter. 

MacRae discloses a mechanism for parents to define a table or matrix that is stored by a 
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tuner in order to determine what channels are allowed to be tuned to, which can include the time 
of day, date, or other restrictions (Col. 4, lines 54-57). The disclosure of MacRae is a description 
of how parental ratings and other types of parental control for television viewing is accomplished 
on most televisions and set-top boxes. MacRae has nothing to do with downloadable 
applications , security policies for these applications , permissions for these applications , or 
conditions under which applications containing appropriate permissions can access functions of a 
television receiver , as claimed by Applicant. 

The present invention advantageously uses a dynamic approach to providing access control 
for software applications . Unlike the present invention in which the end user and the content 
provider are both protected, with rating control schemes such as that disclosed in MacRae, only 
the end user is protected. With such prior art rating control, the end user is in charge of defining 
the security policy that applies (e.g., setting the conditions, rating ceiling and the password). In 
contrast, with the present invention, the network's service provider is in charge of defining the 
policy to protect the different content providers that are on the network. Prior art rating control 
schemes such as MacRae are static systems, since the channel is either always locked (the user 
does not have the password) or always accessible (the user has the password). Such systems are 
not dependent on the current state of the receiver . 

In the present invention, the same application runs on certain channels but does not run on 
others, e.g., when the user tunes to another channel, sometimes the application stays on, and 
sometimes it is terminated, depending on the definition of the security policy. In the prior art rating 
mechanism, changing channels really means switching applications (considering a video channel an 
application). The present invention can accommodate multiple simultaneous applications (e.g., a 
data application running on top of a video channel), where changing channels sometimes leaves the 
same data application on, and sometimes does not, based on the security policy and the current state 
of the receiver (see, e.g.. Applicant's specification, page 30, line 22 through page 32, line 22). 

Such advantages are not provided by the disclosures of Ellis or MacRae, taken alone or in 
combination. 

As neither Ellis nor MacRae disclose or remotely suggest: (a) determining whether an 
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associated security policy of an application contains a permission to access a receiver functions, 
(b) providing data defining a condition of the receiver under which access to the receiver 
function by the software application is permitted, and (c) determining whether the condition of 
the receiver is met by data indicative of a current state of the receiver, the combination of Ellis 
and MacRae would not have led one skilled in the art to Applicant's invention as suggested by 
the Examiner. 



Discussion of Rejection in View of Thrift. Gong, and Ahmad 

Claims 1 and 17 stand rejected as being unpatentable over Thrift in view of Gong and 
Ahmad. Thrift and Gong are discussed in detail above. 

Ahmad discloses a system for monitoring the use of a rented software program. The 
Examiner indicates that Ahmad discloses an application having a security policy with a 
permission which allows or prevents the application from accessing a receiver ftanction if the 
condition is met by data indicative of a current state of the receiver (Office Action, page 10). 
Applicant respectfully disagrees with the Examiner. 

Ahmad is not concerned with digital television receivers as claimed by Applicant. Ahmad 
provides a Software Monitor which starts a timer to record the time of use of a rented software 
program for personal computers . The program may query the Software Monitor to determine if 
the licensed time of the program has expired (Col. 2, lines 62-67). Such a system is not tied to a 
current state of a digital television receiver , as claimed by Applicant. Further, the software 
program of Ahmad does not appear to have its own security policy and permissions. Instead, in 
Ahmad, the Software Monitor is a separate software module which is downloaded with the 
software program (Col. 2, lines 15-21). It does not control access to a receiver fiinction . 

Applicants respectfully submit that the present invention would not have been obvious to 
one skilled in the art in view of Thrift in view of Gong and Ahmad, as none of the cited 
references discloses or remotely suggests the features of Applicant's claims 1 and 17. In 
particular, the combination of Thrift, Gong, and Ahmad does not disclose or remotely suggest 
providing data defining a condition of the receiver under which access to the receiver ftmction by 
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the software application is permitted, determining if an associated security policy of the software 
application contains a permission for the software application to access the receiver function, and if 
the permission is present, determining whether the condition of the receiver is met by data 
indicative of a current state of the receiver , as claimed by Applicant, 

Further remarks regarding the asserted relationship between Applicant's claims and the 
prior art are not deemed necessary, in view of the above discussion. Applicant's silence as to any 
of the Examiner's comments is not indicative of an acquiescence to the stated grounds of 
rejection. 

Withdrawal of the rejections under 35 U.S.C. § 103(a) is therefore respectfully requested. 



In view of the above, the Examiner is respectftilly requested to reconsider this 
application, allow each of the presently pending claims, and to pass this application on to an early 
issue. If there are any remaining issues that need to be addressed in order to place this application 
into condition for allowance, the Examiner is requested to telephone Applicant's undersigned 
attorney. 



Conclusion 



Respectfully submitted, 




Dougla/M. McAllister 
Attorney for Applicant(s) 
Registration No. 37,886 
Law Office of Barry R. Lipsitz 
755 Main Street 
Monroe, CT 06468 
(203) 459-0200 
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